Papers should be available from Pitt domain.

Assigned Papers

1. [Assigned for HW 3] Ravi S. Sandhu, Pierangela Samarati, “Access Control: Principles and Practice”, IEEE Communications Magazine, September 1994. (PDF version)

General Reading List

• James B. D. Joshi, Walid G. Aref, Arif Ghafoor and Eugene H. Spafford, "Security models for web-based applications", Communications of the ACM , 44, 2 (Feb. 2001), Page 38-44. (PDF version).
• Michael A. Harrison, Walter L. Ruzzo and Jeffrey D. Ullman, "Protection in Operating Systems", Communications of the ACM, Vol 19, No 8, August  1976. (pdf)
• Bhavani M. Thuraisingham, Chris Clifton, Amar Gupta, Elisa Bertino, Elena Ferrari, “Directions for Web and E-Commerce Applications Security,” WETICE 2001: 200-204 (PDF Version)
•  James Joshi, Arif Ghafoor, Walid G. Aref, Eugene H. Spafford: Digital Government Security Infrastructure Design Challenges. IEEE Computer 34(2): 66-72 (2001) (PDF Version)
• Dorothy E. Denning and Peter J. Denning, "Data Security", Computing Surveys, Vol 11, No. 3, September, 1979 (pdf)
• Carl, E. Landwehr, "Formal Models for Computer Security," Computing Surveys, Vol 13, No 3, September, 1981 (pdf)
• Ravindrapal Singh Sandhu, "The Schematic Protection Model: Its Definition and Analysis for Acyclic Attenuating Schemes," Journal of Association of Computing Machinery, Vol 35, No. 2, April 1988, pp 404-432. (pdf).
• David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, Ramaswamy Chandramouli, "Proposed NIST Standard for Role-based Access Control," ACM Transactions on Information and Systems Security, Vol. 4, Issue 3, August 2001 (pdf).
• S. Osborn, R. Sandhu, Q. Munawer, “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies”, ACM Transaction on Information and System Security, May 2000. (PDF version)